Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0cf8f634 by security tracker role at 2018-02-16T21:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,24 @@
-CVE-2018-7186 [stack buffer overflows]
+CVE-2018-7190
+       RESERVED
+CVE-2018-7189
+       RESERVED
+CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 
allows an ...)
+       TODO: check
+CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the 
-insecure ...)
+       TODO: check
+CVE-2018-7185
+       RESERVED
+CVE-2018-7184
+       RESERVED
+CVE-2018-7183
+       RESERVED
+CVE-2018-7182
+       RESERVED
+CVE-2018-7181
+       RESERVED
+CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
+       TODO: check
+CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters 
in a %s ...)
        - leptonlib <unfixed> (bug #890548)
        NOTE: 
https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
 CVE-2018-7180
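Review bot: the `-insecure ...)` at the start of the wrapped line under CVE-2018-7187 is the tail of that entry's description (the `go get -insecure` flag), not a second removal; the header's 4 to 24 line count leaves room for exactly one removed line, the `[stack buffer overflows]` placeholder of CVE-2018-7186. That placeholder is replaced by the MITRE text while the `leptonlib <unfixed> (bug #890548)` line and the leptonica commit NOTE are carried over unchanged, so nothing is lost. Of the new `TODO: check` items, CVE-2018-7187 is against the Go toolchain itself (Go 1.9.4), so it needs triage against Debian's Go compiler packages rather than a NOT-FOR-US marker; CVE-2018-7188 (Tiki) and CVE-2017-18190 should get a package or NOT-FOR-US decision on the next manual pass rather than stay as TODOs.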
@@ -9,7 +29,7 @@ CVE-2018-7178
        RESERVED
 CVE-2018-7177
        RESERVED
-CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to 
adding a user account via admin/users.php...)
+CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to 
adding a ...)
        - frontaccounting <removed> (bug #890604)
        [wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, 
already vulnerable to SQL injection in CVE-2014-3973)
        NOTE: 
https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
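Review bot: only the description changes here; the automatic update re-truncates CVE-2018-7176 to the feed's standard width, which drops the `admin/users.php` path that the earlier line carried, so the blog NOTE is now the only visible pointer to the affected endpoint. The `frontaccounting <removed> (bug #890604)` line and the wheezy end-of-life marker citing CVE-2014-3973 are unchanged.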
@@ -529,10 +549,10 @@ CVE-2018-6946
        RESERVED
 CVE-2018-6945
        RESERVED
-CVE-2018-6944
-       RESERVED
-CVE-2018-6943
-       RESERVED
+CVE-2018-6944 (core/lib/upload/um-file-upload.php in the UltimateMember plugin 
2.0 for ...)
+       TODO: check
+CVE-2018-6943 (core/lib/upload/um-image-upload.php in the UltimateMember 
plugin 2.0 ...)
+       TODO: check
 CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL 
pointer ...)
        - freetype <unfixed> (bug #890450)
        [stretch] - freetype <not-affected> (Vulnerable code introduced later)
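Review bot: CVE-2018-6944 and CVE-2018-6943 are both in the WordPress UltimateMember plugin (`core/lib/upload/um-file-upload.php` and `um-image-upload.php`); if the plugin is not packaged they should be closed out with a NOT-FOR-US line naming the plugin, the way the PHP Scripts Mall entry in the next hunk is handled, rather than left as `TODO: check`. The freetype context lines below (`freetype <unfixed> (bug #890450)`, stretch not-affected) are untouched.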
@@ -571,11 +591,11 @@ CVE-2018-6929
 CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection 
via a ...)
        NOT-FOR-US: PHP Scripts Mall News Website Script
 CVE-2018-1000066
-       RESERVED
+       REJECTED
 CVE-2018-1000065
-       RESERVED
+       REJECTED
 CVE-2018-1000064
-       RESERVED
+       REJECTED
 CVE-2017-18186 (An issue was discovered in QPDF before 7.0.0. There is an 
infinite loop ...)
        - qpdf 7.0.0-1
        [stretch] - qpdf <no-dsa> (Minor issue)
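Review bot: CVE-2018-1000064, -65 and -66 flip from RESERVED to REJECTED with no NOTE recording why; that is the file's normal form for a rejected ID, and CVE-2018-1000063 in the following hunk is rejected the same way, so the four can be cross-checked together against anything that may have cited them. The qpdf entry in the trailing context (`qpdf 7.0.0-1`, `[stretch] - qpdf <no-dsa> (Minor issue)`) is unchanged.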
@@ -646,7 +666,7 @@ CVE-2018-6915
 CVE-2018-6914
        RESERVED
 CVE-2018-1000063
-       RESERVED
+       REJECTED
 CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a 
non-expiring ...)
        NOT-FOR-US: Progress Sitefinity
 CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open 
redirect issue ...)
@@ -943,6 +963,7 @@ CVE-2018-6793
 CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 
allow ...)
        NOT-FOR-US: Saifor CVMS HUB
 CVE-2018-6791 (An issue was discovered in 
soliduiserver/deviceserviceaction.cpp in KDE ...)
+       {DSA-4116-1}
        - plasma-workspace 4:5.12.0-2
        - kde-runtime <not-affected> (Performs correct escaping)
        NOTE: https://bugs.kde.org/show_bug.cgi?id=389815
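Review bot: `{DSA-4116-1}` is added to CVE-2018-6791 without a `[stretch]` version line, which is the expected form since the fixed stable version is resolved through the DSA reference, but this commit touches only data/CVE/list, so confirm that DSA-4116-1 is already recorded in data/DSA/list with this CVE, otherwise the cross-reference dangles. The unstable fix `plasma-workspace 4:5.12.0-2` and the `kde-runtime <not-affected> (Performs correct escaping)` line are unchanged.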
@@ -1922,12 +1943,12 @@ CVE-2017-18093
        RESERVED
 CVE-2017-18092
        RESERVED
-CVE-2017-18091
-       RESERVED
-CVE-2017-18090
-       RESERVED
-CVE-2017-18089
-       RESERVED
+CVE-2017-18091 (The admin backupprogress action in Atlassian Fisheye and 
Crucible ...)
+       TODO: check
+CVE-2017-18090 (Various resources in Atlassian Fisheye before version 4.5.1 
(the fixed ...)
+       TODO: check
+CVE-2017-18089 (The view review history resource in Atlassian Crucible before 
version ...)
+       TODO: check
 CVE-2017-18088 (Various plugin servlet resources in Atlassian Bitbucket Server 
before ...)
        NOT-FOR-US: Atlassian Bitbucket Server
 CVE-2017-18087 (The download commit resource in Atlassian Bitbucket Server 
from ...)
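Review bot: the three Atlassian Fisheye/Crucible entries (CVE-2017-18091, -18090, -18089) are left at `TODO: check` while the Bitbucket Server entries directly below them are already `NOT-FOR-US: Atlassian Bitbucket Server`; they should be resolved the same way (`NOT-FOR-US: Atlassian Fisheye` / `NOT-FOR-US: Atlassian Crucible`) on the next manual pass so the TODO markers do not accumulate.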
@@ -18039,10 +18060,10 @@ CVE-2018-0518
        RESERVED
 CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for 
Windows ...)
        NOT-FOR-US: Anshin net security for Windows
-CVE-2018-0516
-       RESERVED
-CVE-2018-0515
-       RESERVED
+CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address 
...)
+       TODO: check
+CVE-2018-0515 (Untrusted search path vulnerability in &quot;FLET'S Azukeru 
Backup Tool&quot; ...)
+       TODO: check
 CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier 
allows ...)
        NOT-FOR-US: MP Form Mail CGI eCommerce Edition
 CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS 
Simple ...)
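Review bot: the CVE-2018-0515 description comes through with literal `&quot;` entities around FLET'S Azukeru Backup Tool, whereas other imported descriptions in this commit use plain quotes (`"go get"` in CVE-2018-7187); the import step should HTML-unescape descriptions before writing them, and this line should be corrected by hand in the meantime. Both new entries are untrusted search path issues in Windows tools, like the adjacent CVE-2018-0517 that is already NOT-FOR-US, so the TODOs are likely to close the same way.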
@@ -64393,7 +64414,7 @@ CVE-2017-2254 (Cybozu Garoon 3.5.0 to 4.2.5 allows an 
attacker to cause a denial
        NOT-FOR-US: Cybozu
 CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! 
Toolbar ...)
        NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)
-CVE-2017-2252 (Untrusted search path vulnerability in Self-extracting archive 
files ...)
+CVE-2017-2252 (Untrusted search path vulnerability in self-extracting archive 
files ...)
        NOT-FOR-US: File Compact
 CVE-2017-2251
        RESERVED
@@ -67091,7 +67112,7 @@ CVE-2017-0916 [Critical Vulnerability with Command 
Injection via Webhooks]
        RESERVED
        - gitlab <unfixed> (bug #888508)
        NOTE: 
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-        NOTE: 
https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
+       NOTE: 
https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
 CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
        RESERVED
        - gitlab <unfixed> (bug #888508)
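Review bot: whitespace-only change; the NOTE line for CVE-2017-0916 goes from literal leading spaces to the tab indentation used by the surrounding entry lines, with the GitLab commit URL unchanged. Both CVE-2017-0916 and CVE-2017-0915 stay RESERVED with bracketed working titles and `gitlab <unfixed> (bug #888508)`, which is consistent between the two.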



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0cf8f63449884d389524c8c870ef76e076878105

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
